MazeHunter offers Cymmetria’s enterprise customers the ability to engage in legal hackback—to operate within the legal boundaries necessary to investigate and take action when interfacing with live adversaries, and compromised hosts and tools, within the confines of their network environment. In the webinar we discuss the divide between hackback and incident response, and give a demo of our new product feature: MazeHunter.
We will detect, bypass, and abuse honeypot technologies and solutions, turning them against the defender. We will also release a global map of honeypot deployments, honeypot detection vulnerabilities, and supporting code.
The concept of a honeypot is strong, but the way honeypots are implemented is inherently weak, enabling an attacker to easily detect and bypass them, as well as make use of them for his own purposes. Our methods are analyzing the network protocol completeness and operating system software implementation completeness, and vulnerable code.
As a case study, we will concentrate on platforms deployed in real organizational networks, mapping them globally, and demonstrating how it is possible to both bypass and use these honeypots to the attacker’s advantage.